164.308(a)(6)(ii) - Response and Reporting (Required)

Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.

Illustrative Controls and TIBCO LogLogic Solution

Ensure that security techniques and related management procedures, such as intrusion detection, are used to authorize access and control information flows to and from networks.

The security incident management system must provide for adequate audit trail facilities that allow tracking, analyzing, and determining the root cause of all reported problems considering:

  • All associated configuration items
  • Outstanding problems and incidents
  • Known and suspected errors

Managing problems and incidents addresses how an organization identifies, documents, and responds to events that fall outside of normal operations. You must maintain a complete and accurate audit trail for network devices, servers, and applications. This enables you to address how your business identifies root causes of issues that may introduce inaccuracy in healthcare reporting. Also, your problem management system must provide for adequate audit trail facilities that allow tracing from incident to underlying cause.

To satisfy this requirement, administrators must periodically review IDS logs to ensure the IDS tools are fully utilized. In addition, administrators must ensure all network devices, servers, and applications are properly configured to log to a centralized server. Administrators must also periodically review logging status to ensure these devices, servers, and applications are logging correctly.

By alerting on any failures that occur, administrators can respond rapidly to potential problems and incidents that might affect availability, security, or performance. Real-time data monitoring and reporting capabilities reduce time to repair after incidents, reducing costs and improving application availability.

Reports and Alerts

Use the following link or reference to see the 164.308(a)(6)(ii) reports and alerts: 164.308(a)(6)(ii) - Response and Reporting (Required).